
CND News and Blog

New Vulnerabilities Tuesday 09 April

Monthly Patches are out for SAP, Siemens, Schneider Electric and Unisoc. New Alert for Welotec. Monthly Patches for Microsoft, Adobe, and Node.js are expected this afternoon. SAP: SAP Security Patch Day saw the release of 10 new Security Notes and 2 updated Security Notes. Highest CVSSv3 score of 8.8. More info. Siemens: Siemens Monthly Pat...


New Vulnerabilities Monday 08 April

New Alerts for FRRouting, Westermo, Dell, and OpenSSL. FRRouting: In FRRouting a remote attacker using a malformed Prefix SID attribute in a BGP UPDATE packet can cause the bgpd daemon to crash. CVSSv3 score of 7.5. More info. Westermo: WeOS uses the WebDAV PROPFIND and could allow a remote attacker to obtain sensitive information. CVSSv3 s...


New Vulnerabilities Friday 05 April

New Alerts for Brocade, Apache, Dell, BD, Microsoft Edge, and NetApp. Brocade: An RCE vulnerability in Brocade Fabric OS could allow a remote attacker to execute arbitrary code and use this to gain root access to the switch. CVSSv3 score of 8.6. More info. Apache: Apache has updated HTTP Server to fix several security vulnerabilities, inclu...


New Vulnerabilities Thursday 04 April

New Alerts for Cisco, HTTP/2, Ivanti, ABB, HPE, Lexmark, and Linux. Cisco: Cisco has published 12 new bulletins, 1 rated High and the rest Medium. Highest CVSSv3 score of 7.5. More info. A vulnerability in the OOB PnP feature of Cisco Nexus Dashboard Fabric Controller could allow a remote attacker to read arbitrary files. CVSSv3 score of 7.5. More ...


New Vulnerabilities Wednesday 03 April

Monthly Patches are out for Google Pixel. New Alerts for VMware, Supermicro, Google Chrome, Hitachi, TRENDnet, NetApp, and Linux. VMware: Multiple vulnerabilities have been fixed in VMware SD-WAN. Highest CVSSv3 score of 7.4. More info. Supermicro: Three security issues have been discovered in select Supermicro motherboards. Highest CVSSv3 ...


New Vulnerabilities Tuesday 02 April

Monthly Patches are out for Google Android and Samsung. New Alerts for IBM and Linux. Google: Android Monthly Patches are out, with 8 vulnerabilities, all rated High, plus MediaTek, Widevine, and Qualcomm patches. More info. Samsung: Samsung Monthly Patches for Mobile are out, with Android patches and 17 additional Samsung vulnerabilities....


New Vulnerabilities Monday 01 April

Monthly Patches are out for Qualcomm and MediaTek. A backdoor has been discovered in XZ Utils. New Alerts for Eaton, Microsoft Edge, Dell, and HPE. XZ Utils Exploit: A backdoor has been installed in XZ Utils. It was discovered before it made its way into most Linux distributions and its impact should be limited. CVSSv3 score of 10. More info. And here. ...


New Vulnerabilities Friday 29 March

New Alerts for Dell, F5, and NetApp. Dell: PowerScale OneFS, Power Protect Data Manager, PowerMaxOS, PowerMax OS, Unisphere 360, Unisphere for PowerMax, Unisphere for PowerMax vApp, Solutions Enabler vApp, and Dell PowerMax EEM all have remediation available for multiple security vulnerabilities in third-party software. Dell rates these Critic...


New Vulnerabilities Thursday 28 March

New Alerts for Cisco, Splunk, NVIDIA, Microsoft Edge (Exploit), IBM, DrayTek, Wireshark, and Linux. Cisco: Cisco has published 17 new bulletins, 10 rated High and 7 rated Medium. Highest CVSSv3 score of 8.6. More info. A vulnerability in the LISP feature of IOS Software and IOS XE Software could allow a remote attacker to cause an affected device...


New Vulnerabilities Wednesday 27 March

New Alerts for Google Chrome, AutomationDirect, Hitachi Energy, Dell, HPE, curl, and Linux. Google: Google has updated Chrome for Desktop to fix 7 security vulnerabilities, at least 1 rated Critical. More info. Microsoft is aware. More info. AutomationDirect: C-MORE EA9 HMI contains several vulnerabilities, including Path Traversal, Stack-Ba...


New Vulnerabilities Tuesday 26 March

New Alerts for Apple, BD, IBM, Kaspersky, Tenable, and Linux. Apple: Apple has published security updates for macOS and Safari, as well as provided details for last week's iOS, iPadOS, and VisionOS bulletins. More info. BD: BD has published security updates to fix third-party software for IDM, Data Agent, Pyxis, CCE, and Alaris. More info. ...


New Vulnerabilities Monday 25 March

New Alerts for Microsoft Edge, F5, NetApp, and Linux. Microsoft: Microsoft has updated Edge to fix 2 Edge-specific vulnerabilities and include the latest Chromium updates. More info. F5: BIG-IP and BIG-IQ contain a vulnerable version of Bind that could result in a DoS. CVSSv3 score of 7.5. More info. NetApp: NetApp has published 8 bulle...


New Vulnerabilities Friday 22 March

New Alerts for Honeywell, Rockwell Automation, Apple, Mozilla, and Linux. Honeywell: XSS / Arbitrary Code Injection vulnerabilities exist in Honeywell MPA2. Highest CVSSv3 score of 8.1. More info. Rockwell Automation: A DoS vulnerability exists in the PowerFlex 527 due to improper input validation in the device. If exploited, the web server...


New Vulnerabilities Thursday 21 March

New Alerts for HP, F5, IBM, Dell, BD, and Linux. HP: HP OfficeJet Pro printers are vulnerable to a DoS when using an improper eSCL URL GET request. CVSSv3 score of 6.5. More info. F5: Traffix SDC contains a vulnerability that allows a remote attacker to cause a DoS. CVSSv3 score of 6.5. More info. IBM: IBM Spectrum Protect Plus can be af...


New Vulnerabilities Wednesday 20 March

New Alerts for Franklin Electric Fueling Systems, Google Chrome, Atlassian, Dell, and Linux. Franklin Electric: Franklin Fueling System EVO 550, EVO 5000 contains a Path Traversal vulnerability that could allow a remote attacker to read arbitrary files on the system. Highest CVSSv3 score of 8.7. More info. Google: Google has updated Chrome ...


New Vulnerabilities Tuesday 19 March

New Alerts for IBM, Mozilla, Acronis, Dell, and Linux. IBM: IBM App Connect Enterprise is vulnerable to a remote attacker due to node.js IP package. CVSSv3 score of 9.8. More info. Mozilla: Mozilla has published updates for Firefox, Firefox ESR, and Thunderbird, all rated High. More info. Acronis: Acronis Cyber Protect Cloud Agent has b...


New Vulnerabilities Monday 18 March

New Alerts for IBM, PaperCut, Canon, and Linux. IBM: IBM Cloud Pak for Data Scheduling contains vulnerable third-party software packages. Highest CVSSv3 score of 9.8. More info. And here. PaperCut: The Monthly Security Bulletin is out for PaperCut NG/MF. Highest CVSSv3 score of 8.6. More info. Canon: A potential buffer overflow vulnerabi...


New Vulnerabilities Friday 15 March

New Alerts for Juniper, Microsoft Edge, Dell, HPE, NetApp, Mitel, and Linux. Juniper: Multiple vulnerabilities have been resolved in Juniper Secure Analytics. Highest CVSSv3 score of 9.8. More info. Microsoft: Microsoft has updated Edge to fix Chromium-based vulnerabilities as well as 3 Edge-specific vulnerabilities. More info. Dell: De...


New Vulnerabilities Thursday 14 March

New Alerts for Cisco, Arcserve, Apache Tomcat, BD, Mitsubishi Electric, IBM, and Linux. Cisco: Cisco has published 7 new security bulletins. Highest CVSSv3 score of 7.8. More info. A vulnerability in the DHCPv4 server feature of IOS XR Software could allow a remote attacker to trigger a crash of the dhcpd process, resulting in a DoS. CVSSv3 scor...


New Vulnerabilities Wednesday 13 March

Monthly Patches are out for Microsoft, Adobe, and Fortinet. New Alerts for Google Chrome, Bosch, Citrix, Hitachi, IBM, Intel, and Linux. Tomorrow may be Palo Alto Monthly Patches. Microsoft: Microsoft Monthly Patches include 61 vulnerabilities. Two are rated Critical. Highest CVSSv3 score of 9.8. More info. And here. Adobe: Adobe Monthly Pa...

